Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I'm infected with something, please help.


  • This topic is locked This topic is locked
25 replies to this topic

#1 Floydy

Floydy

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:12:08 AM

Posted 27 April 2011 - 08:35 PM

Hi and many thanks in advance. I recently went onto a streaming site to watch some sports and after watching came off a little confused, my avast was going crazy with constant 'malicious url's repelled', this has never happened before. I've attached a log below using DDS as instructed in the tutorial and hope I managed to follow the instructions correctly. I tried to run the gmer but i got this message - ! Cannot execute "C:\DOCUME~1\Lloyd\LOCALS~1\Temp\Rar$EX00.375\gmer.exe".


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Lloyd at 21:15:08.90 on Wed 04/27/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1755 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\TEMP\wng703.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\explorer.exe
C:\32788R22FWJFW\iexplore.exe
C:\32788R22FWJFW\iexplore.exe
C:\32788R22FWJFW\iexplore.exe
C:\32788R22FWJFW\FireFox.exe
C:\32788R22FWJFW\FireFox.exe
C:\32788R22FWJFW\iexplore.exe
C:\32788R22FWJFW\iexplore.exe
C:\32788R22FWJFW\iexplore.exe
C:\32788R22FWJFW\iexplore.exe
C:\32788R22FWJFW\FireFox.exe
C:\32788R22FWJFW\FireFox.exe
C:\32788R22FWJFW\FireFox.exe
C:\32788R22FWJFW\iexplore.exe
C:\32788R22FWJFW\iexplore.exe
C:\32788R22FWJFW\iexplore.exe
C:\32788R22FWJFW\FireFox.exe
C:\32788R22FWJFW\FireFox.exe
C:\32788R22FWJFW\FireFox.exe
C:\32788R22FWJFW\FireFox.exe
C:\32788R22FWJFW\FireFox.exe
C:\32788R22FWJFW\iexplore.exe
C:\32788R22FWJFW\iexplore.exe
C:\32788R22FWJFW\iexplore.exe
C:\32788R22FWJFW\FireFox.exe
C:\32788R22FWJFW\FireFox.exe
C:\32788R22FWJFW\FireFox.exe
C:\DOCUME~1\Lloyd\LOCALS~1\Temp\Otn.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Oworib.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lloyd\Local Settings\Temporary Internet Files\Content.IE5\FY4E9PCW\dds[1].scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.ca/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} -
BHO: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - Dealio Toolbar
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} -
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
uRun: [Google Update] "c:\documents and settings\lloyd\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [GHWAUC6NNZ] c:\docume~1\lloyd\locals~1\temp\Otn.exe
uRun: [Axiwewotehokofa] rundll32.exe "c:\windows\ARALG42.dll",Startup
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [<NO NAME>]
mRun: [snp2uvc] rundll32.exe c:\windows\system32\csnp2uvc.dll,ResetCIDS
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [NPSStartup]
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [Omnipage] c:\program files\scansoft\omnipagese\opware32.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [Dfaxu] rundll32.exe "c:\windows\eluwiqul.dll",Startup
mRun: [tukdtjsr] c:\windows\system32\tukdtjsr.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
uPolicies-explorer: RestrictRun = 0 (0x0)
mPolicies-explorer: RestrictRun = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - c:\program files\turbotax 2010\ic2010pp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 173.192.170.88 drghwaweg45j4i6u3q32fg2h.com
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-27 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-19 307288]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-1-28 387072]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-19 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-19 42184]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-7-23 238952]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-27 304464]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-11-15 583640]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2010-7-8 193840]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-7-23 36608]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-27 20952]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-4-27 38224]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\superantispyware\sabkutil.sys --> c:\program files\superantispyware\SABKUTIL.sys [?]
S2 Input Manager;Input Manager;c:\windows\temp\Input Manager.bat [2011-4-27 48]
S2 MouseDriver;MouseDriver;c:\windows\temp\MouseDriver.bat [2011-4-27 45]
S2 Plug Manager;Plug Manager;c:\windows\temp\Plug.bat [2011-4-27 48]
S3 cpuz132;cpuz132;\??\c:\docume~1\lloyd\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\lloyd\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2010-7-19 23456]
.
=============== Created Last 30 ================
.
2011-04-28 00:41:09 -------- d-----w- C:\32788R22FWJFW.2.tmp
2011-04-28 00:40:30 -------- d-s---w- C:\ComboFix
2011-04-28 00:36:10 -------- d-----w- C:\32788R22FWJFW.1.tmp
2011-04-28 00:30:55 -------- d-----w- C:\32788R22FWJFW.0.tmp
2011-04-27 20:43:52 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-27 20:36:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-27 20:36:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-27 20:36:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-27 20:31:00 -------- d-----w- c:\docume~1\lloyd\applic~1\Malwarebytes
2011-04-27 20:30:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-27 20:21:39 -------- d-----w- c:\windows\system32\LogFiles
2011-04-27 19:56:04 133120 ----a-w- c:\windows\Oworib.exe
2011-04-27 19:24:02 -------- d-----w- c:\docume~1\lloyd\locals~1\applic~1\{8556603F-6C1D-4DB5-9F1C-48E80AD5477B}
2011-04-27 19:21:24 133120 ----a-w- c:\windows\Oworia.exe
2011-04-27 19:21:19 157184 --sha-r- c:\windows\system32\dssecz.dll
2011-04-27 19:21:19 157184 --sha-r- c:\windows\system32\dmintft.dll
.
==================== Find3M ====================
.
2011-04-18 17:25:12 40112 ----a-w- c:\windows\avastSS.scr
2011-03-22 16:18:41 5461664 ----a-w- c:\program files\m4a-to-mp3-converter.exe
2011-03-22 14:45:00 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2010-03-23 14:05:20 581120 ----a-w- c:\program files\lame.exe
.
============= FINISH: 21:19:15.84 ===============

Hi, sorry about replying before anybody else, but when i tried to run gmer again the next day i got a bsod before it would let me run any type of scan.

Thanks

Floyd

EDIT: Posts merged ~Budapest

Attached Files


Edited by Budapest, 28 April 2011 - 06:11 PM.


BC AdBot (Login to Remove)

 


#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:01:08 AM

Posted 07 May 2011 - 02:33 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


NEXT:


Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 Floydy

Floydy
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:12:08 AM

Posted 08 May 2011 - 08:37 PM

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB67F7000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 10604544 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 258.96 )
0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 6344704 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 258.96 )
0xB10FE000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 6287360 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0xB6420000 C:\WINDOWS\system32\DRIVERS\NETw5x32.sys 3633152 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0xB0B16000 C:\WINDOWS\system32\DRIVERS\snp2uvc.sys 3489792 bytes (-, UVC Camera Streaming Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB0A4E000 C:\WINDOWS\System32\Drivers\dump_iaStor.sys 819200 bytes
0xB7E43000 iaStor.sys 819200 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0xB7D6D000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB604C000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0xB0E8E000 C:\WINDOWS\System32\Drivers\aswSnx.SYS 458752 bytes (AVAST Software, avast! Virtualization Driver)
0xB0F47000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB39D8000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB104E000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xACEB5000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xB60C8000 C:\WINDOWS\system32\DRIVERS\rixdptsk.sys 335872 bytes (REDC, RICOH XD SM Driver)
0xB0EFE000 C:\WINDOWS\System32\Drivers\aswSP.SYS 299008 bytes (AVAST Software, avast! self protection module)
0xBD61F000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xACB04000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB518C000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 217088 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0xB3A36000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB7F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xADA37000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB7D40000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xAC6B9000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB0FB7000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB6797000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xB1026000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB7F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xB0E6A000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB10DA000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB67BF000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB5169000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB1004000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xB0FE2000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB7E23000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB7F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB7D26000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB7F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xAE221000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! File System Filter Driver for Windows XP)
0xB7DFA000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB5152000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xADFDC000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB611A000 C:\WINDOWS\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0xB613F000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 81920 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xB67E3000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB10A7000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB7E11000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB7F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB3A66000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB612E000 C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 69632 bytes (REDC, RICOH SD Driver)
0xADCC4000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB82E8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB8148000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xB80B8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xB8178000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xB74A2000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB82F8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB437E000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB74C2000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xB80C8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xB8108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB8218000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xB7512000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xB5127000 C:\WINDOWS\system32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0xB80E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB8228000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xB50A7000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB8198000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB82D8000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xB80D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB81E8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xB8158000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0xB80A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB74D2000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB8118000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB439E000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xB80F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xACC25000 C:\WINDOWS\system32\FsUsbExDisk.SYS 36864 bytes
0xB8208000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB81C8000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xACDB5000 C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)
0xB5097000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB8188000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xACA3C000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xB8168000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xB8400000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xB8470000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB8358000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xB8328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB4AF8000 C:\WINDOWS\system32\DRIVERS\sncduvc.SYS 28672 bytes (-, USBCAMD for Sonix UVC)
0xB8380000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xB83E0000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xB8388000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xB83C8000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB4A50000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xB8490000 C:\WINDOWS\System32\Drivers\StarOpen.SYS 24576 bytes
0xB8440000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xB3A81000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB8460000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0xB8360000 C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys 20480 bytes (Hewlett-Packard Development Company, L.P., HpqKbFiltr Keyboard Filter Driver)
0xB8480000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xB8330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xB4057000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xB8458000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xB4077000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xB8390000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB84C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xB7CA9000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xB8590000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB4B28000 C:\WINDOWS\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0xB40DB000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAE39C000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB84C4000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xB4AA4000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0xB84B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB84BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xB49B4000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB49D0000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB49CC000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB7CEA000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB4AC0000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB7238000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xB3DBB000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xB85AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xB3DBD000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xB85F8000 C:\WINDOWS\system32\DRIVERS\HpqRemHid.sys 8192 bytes (Hewlett-Packard Development Company, L.P., HP Remote Control HID Device)
0xB85A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xB8620000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xB85EE000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xB4AD6000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xB862E000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xB85AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xB8712000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xB8757000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xB874A000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xB8671000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xB8670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================


OTL logfile created on: 5/8/2011 9:22:47 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Lloyd\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 73.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 102.21 Gb Free Space | 68.58% Space Free | Partition Type: NTFS
Drive F: | 999.63 Mb Total Space | 166.00 Mb Free Space | 16.61% Space Free | Partition Type: FAT

Computer Name: LLOYD-6080F3B4F | User Name: Lloyd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/08 21:20:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lloyd\Desktop\OTL.exe
PRC - [2011/05/06 15:24:55 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/04/28 06:15:17 | 001,010,232 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Lloyd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/04/27 15:21:37 | 000,047,104 | ---- | M] () -- C:\WINDOWS\Temp\wng703.exe
PRC - [2011/04/21 19:01:07 | 000,400,760 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\bittorrent.exe
PRC - [2011/04/18 13:25:12 | 003,460,784 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/04/18 13:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/01/28 18:36:42 | 000,526,336 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011/01/28 18:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2010/09/16 16:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/07/04 19:13:56 | 000,095,576 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2010/07/04 19:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2010/06/26 13:09:18 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Freecorder\FLVSrvc.exe
PRC - [2010/05/14 12:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2009/10/14 16:43:06 | 003,217,368 | ---- | M] (PC Tools) -- C:\Program Files\Registry Mechanic\RegMech.exe
PRC - [2009/10/14 16:42:38 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/03 18:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/03 18:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2002/02/20 21:01:32 | 000,049,152 | ---- | M] (ScanSoft, Inc) -- C:\Program Files\ScanSoft\OmniPageSE\opware32.exe


========== Modules (SafeList) ==========

MOD - [2011/05/08 21:20:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lloyd\Desktop\OTL.exe
MOD - [2011/05/08 19:46:02 | 000,018,432 | ---- | M] (Applian Technologies, Inc.) -- C:\Documents and Settings\Lloyd\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
MOD - [2011/04/18 13:25:09 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 03:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2006/05/03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
MOD - [2002/02/27 13:16:50 | 000,167,936 | ---- | M] (ScanSoft, Inc) -- C:\Program Files\ScanSoft\OmniPageSE\ophook32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Plug Manager)
SRV - [2011/04/27 17:37:50 | 000,000,048 | -H-- | M] () [Auto | Stopped] -- C:\WINDOWS\Temp\Input Manager.bat -- (Input Manager)
SRV - [2011/04/27 15:57:16 | 000,000,045 | -H-- | M] () [Auto | Stopped] -- C:\WINDOWS\Temp\MouseDriver.bat -- (MouseDriver)
SRV - [2011/04/18 13:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/01/28 18:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2010/07/04 19:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/10/14 16:42:38 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2007/10/03 18:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - [2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/04/18 13:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/04/18 13:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/04/18 13:16:06 | 000,102,488 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/04/18 13:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/04/18 13:13:02 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/04/18 13:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/22 15:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2010/07/19 12:33:34 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2010/06/14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/30 19:56:24 | 006,032,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/04/26 22:25:12 | 000,123,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2010/04/26 22:25:12 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2010/04/26 22:25:12 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/05/20 11:15:32 | 003,485,952 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/06/26 09:15:34 | 003,630,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2007/08/08 23:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/30 14:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 13:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/11 13:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/07/24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1547161642-2077806209-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
IE - HKU\S-1-5-21-1547161642-2077806209-839522115-1003\..\URLSearchHook: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - Reg Error: Value error. File not found
IE - HKU\S-1-5-21-1547161642-2077806209-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1547161642-2077806209-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-1547161642-2077806209-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{8556603F-6C1D-4DB5-9F1C-48E80AD5477B}: C:\Documents and Settings\Lloyd\Local Settings\Application Data\{8556603F-6C1D-4DB5-9F1C-48E80AD5477B} [2011/04/27 15:24:02 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/05/08 19:47:23 | 000,000,779 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 173.192.170.88 drghwaweg45j4i6u3q32fg2h.com
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - Reg Error: Value error. File not found
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1547161642-2077806209-839522115-1003\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-21-1547161642-2077806209-839522115-1003\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe (ScanSoft, Inc)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\System32\csnp2uvc.dll ( )
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-1547161642-2077806209-839522115-1003..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-1547161642-2077806209-839522115-1003..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
O4 - HKU\S-1-5-21-1547161642-2077806209-839522115-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-2077806209-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-2077806209-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\S-1-5-21-1547161642-2077806209-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/08 13:00:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/08 21:22:18 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lloyd\Desktop\OTL.exe
[2011/05/02 14:27:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype Extras
[2011/05/02 14:26:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/05/02 14:26:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/04/27 20:45:11 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2011/04/27 20:40:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/27 20:40:30 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/04/27 20:33:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/27 16:43:52 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/04/27 16:36:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/27 16:36:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/27 16:36:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/27 16:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/27 16:31:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lloyd\Application Data\Malwarebytes
[2011/04/27 16:30:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/27 16:21:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/04/27 15:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lloyd\Local Settings\Application Data\{8556603F-6C1D-4DB5-9F1C-48E80AD5477B}
[2011/03/22 12:18:40 | 005,461,664 | ---- | C] (ManiacTools.com ) -- C:\Program Files\m4a-to-mp3-converter.exe
[2009/06/29 13:48:06 | 000,239,616 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2009/02/16 13:32:38 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/08 21:20:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lloyd\Desktop\OTL.exe
[2011/05/08 21:20:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-2077806209-839522115-1003UA.job
[2011/05/08 19:50:58 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/08 19:50:58 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/08 19:46:34 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/05/08 19:46:01 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\tasks\undbw.job
[2011/05/08 19:45:56 | 000,000,300 | -HS- | M] () -- C:\WINDOWS\tasks\meho.job
[2011/05/08 19:45:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/08 12:56:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/04 15:22:53 | 000,025,399 | ---- | M] () -- C:\WINDOWS\CSTBox.INI
[2011/05/04 10:54:15 | 000,041,984 | ---- | M] () -- C:\Documents and Settings\Lloyd\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/02 14:26:47 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/05/01 13:59:26 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Qvuyanomozolo.dat
[2011/05/01 13:59:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Mvulubinago.bin
[2011/05/01 01:20:01 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-2077806209-839522115-1003Core.job
[2011/04/30 06:15:54 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Lloyd\Desktop\Google Chrome.lnk
[2011/04/30 06:15:54 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Lloyd\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/04/28 09:12:06 | 000,258,490 | ---- | M] () -- C:\Documents and Settings\Lloyd\My Documents\Report rootkit
[2011/04/27 21:33:55 | 000,003,751 | ---- | M] () -- C:\Documents and Settings\Lloyd\My Documents\Attach.rar
[2011/04/27 21:30:32 | 000,293,019 | ---- | M] () -- C:\Documents and Settings\Lloyd\Desktop\gmer.zip
[2011/04/27 20:39:41 | 004,329,517 | R--- | M] () -- C:\Documents and Settings\Lloyd\Desktop\ComboFix.exe
[2011/04/27 20:10:02 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/27 17:32:55 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/27 16:43:52 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/04/27 16:36:50 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/27 15:21:19 | 000,157,184 | RHS- | M] () -- C:\WINDOWS\System32\dssecz.dll
[2011/04/27 15:21:19 | 000,157,184 | RHS- | M] () -- C:\WINDOWS\System32\dmintft.dll
[2011/04/18 13:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/04/18 13:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/04/18 13:17:34 | 000,307,288 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/04/18 13:16:18 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/04/18 13:16:06 | 000,102,488 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/04/18 13:16:02 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/04/18 13:13:21 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/04/18 13:13:02 | 000,030,680 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/04/18 13:12:58 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/04/16 08:09:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/14 22:12:04 | 000,104,659 | ---- | M] () -- C:\Documents and Settings\Lloyd\My Documents\Marcey.tt10
[2011/04/12 14:30:28 | 000,085,520 | ---- | M] () -- C:\Documents and Settings\Lloyd\My Documents\Marcey.ttbk
[2011/04/12 10:32:05 | 000,296,372 | ---- | M] () -- C:\Documents and Settings\Lloyd\My Documents\Marcey_cra.pdf
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/02 14:26:47 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/05/01 13:59:26 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Qvuyanomozolo.dat
[2011/05/01 13:59:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Mvulubinago.bin
[2011/04/28 09:24:48 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Lloyd\Desktop\gmer.exe
[2011/04/28 09:12:05 | 000,258,490 | ---- | C] () -- C:\Documents and Settings\Lloyd\My Documents\Report rootkit
[2011/04/27 21:33:55 | 000,003,751 | ---- | C] () -- C:\Documents and Settings\Lloyd\My Documents\Attach.rar
[2011/04/27 21:30:28 | 000,293,019 | ---- | C] () -- C:\Documents and Settings\Lloyd\Desktop\gmer.zip
[2011/04/27 21:27:21 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Lloyd\My Documents\gmer.exe
[2011/04/27 20:39:41 | 004,329,517 | R--- | C] () -- C:\Documents and Settings\Lloyd\Desktop\ComboFix.exe
[2011/04/27 16:36:50 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/27 15:21:21 | 000,000,304 | -HS- | C] () -- C:\WINDOWS\tasks\undbw.job
[2011/04/27 15:21:21 | 000,000,300 | -HS- | C] () -- C:\WINDOWS\tasks\meho.job
[2011/04/27 15:21:19 | 000,157,184 | RHS- | C] () -- C:\WINDOWS\System32\dssecz.dll
[2011/04/27 15:21:19 | 000,157,184 | RHS- | C] () -- C:\WINDOWS\System32\dmintft.dll
[2011/04/13 09:59:36 | 000,025,399 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2011/04/12 14:30:23 | 000,104,659 | ---- | C] () -- C:\Documents and Settings\Lloyd\My Documents\Marcey.tt10
[2011/04/12 14:30:23 | 000,085,520 | ---- | C] () -- C:\Documents and Settings\Lloyd\My Documents\Marcey.ttbk
[2011/04/12 10:32:05 | 000,296,372 | ---- | C] () -- C:\Documents and Settings\Lloyd\My Documents\Marcey_cra.pdf
[2011/03/22 12:38:49 | 000,098,526 | ---- | C] () -- C:\Program Files\history.html
[2011/03/22 12:38:49 | 000,042,860 | ---- | C] () -- C:\Program Files\switchs.html
[2011/03/22 12:38:49 | 000,008,252 | ---- | C] () -- C:\Program Files\id3.html
[2011/03/22 12:38:49 | 000,006,835 | ---- | C] () -- C:\Program Files\node6.html
[2011/03/22 12:38:49 | 000,004,764 | ---- | C] () -- C:\Program Files\basic.html
[2011/03/22 12:38:49 | 000,003,920 | ---- | C] () -- C:\Program Files\contributors.html
[2011/03/22 12:38:49 | 000,002,240 | ---- | C] () -- C:\Program Files\modes.html
[2011/03/22 12:38:49 | 000,002,113 | ---- | C] () -- C:\Program Files\index.html
[2011/03/22 12:38:49 | 000,001,661 | ---- | C] () -- C:\Program Files\examples.html
[2011/03/22 12:38:49 | 000,000,708 | ---- | C] () -- C:\Program Files\lame.css
[2011/03/22 12:38:48 | 000,581,120 | ---- | C] () -- C:\Program Files\lame.exe
[2011/03/22 12:36:29 | 000,576,082 | ---- | C] () -- C:\Program Files\lame3.98.4.zip
[2011/03/22 12:29:48 | 001,336,025 | ---- | C] () -- C:\Program Files\lame-3.98.4.tar.gz
[2011/03/22 12:08:00 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2011/02/22 15:56:19 | 000,000,525 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2010/10/05 12:46:29 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\getpntid.exe
[2010/09/21 11:58:29 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/09/21 11:58:28 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/08/01 15:38:11 | 000,041,984 | ---- | C] () -- C:\Documents and Settings\Lloyd\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/23 09:58:35 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/07/23 09:58:35 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/07/23 09:58:28 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Lloyd\Application Data\$_hpcst$.hpc
[2010/07/23 08:35:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2010/07/23 08:34:41 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/07/19 18:12:13 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/07/19 13:21:02 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/07/19 12:06:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/07/19 12:05:45 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ1.dat
[2010/07/19 12:05:45 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2010/07/19 11:43:03 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/07/19 11:43:02 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/07/19 11:43:02 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/07/19 11:41:43 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/07/19 11:31:37 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/19 11:31:35 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/07/08 13:26:02 | 000,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2010/07/08 13:03:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/07/08 12:58:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/08 05:40:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/08 05:39:12 | 000,270,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/20 11:15:32 | 003,485,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2008/12/29 12:13:30 | 000,028,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2006/05/19 06:39:58 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,435,828 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,068,558 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,020,482 | ---- | C] () -- C:\WINDOWS\System32\s3orsys.dll
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/10 18:55:38 | 000,252,416 | ---- | C] () -- C:\WINDOWS\System32\wsiShared.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E

< End of report >


OTL Extras logfile created on: 5/8/2011 9:22:47 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Lloyd\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 73.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 102.21 Gb Free Space | 68.58% Space Free | Partition Type: NTFS
Drive F: | 999.63 Mb Total Space | 166.00 Mb Free Space | 16.61% Space Free | Partition Type: FAT

Computer Name: LLOYD-6080F3B4F | User Name: Lloyd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1547161642-2077806209-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
"C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe" = C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe:*:Enabled:Shareaza -- (Discordia, LTD)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\Blubster\Blubster.exe" = C:\Program Files\Blubster\Blubster.exe:*:Enabled:Blubster
"C:\Documents and Settings\Lloyd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\Lloyd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
"C:\Program Files\Limewire Plus+\limewire.exe" = C:\Program Files\Limewire Plus+\limewire.exe:*:Enabled:LimeWire p2p for windows
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
"C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe" = C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe:*:Enabled:Shareaza -- (Discordia, LTD)
"C:\WINDOWS\Temp\Managee.exe" = C:\WINDOWS\Temp\Managee.exe:*:Enabled:hig39gahir.exe
"C:\WINDOWS\Temp\conima.exe" = C:\WINDOWS\Temp\conima.exe:*:Enabled:hig39gahir.exe
"C:\WINDOWS\TEMP\69b5m6she.exe" = C:\WINDOWS\TEMP\69b5m6she.exe:*:Enabled:hig39gahir.exe
"C:\WINDOWS\TEMP\yo7nm5s4v.exe" = C:\WINDOWS\TEMP\yo7nm5s4v.exe:*:Enabled:hig39gahir.exe


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5
"{18499419-2B80-4C3F-86D3-C6C45CD2062E}" = Samsung ML-1710 Series
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24AE6B5B-3D5A-488C-9224-1BEE11F75DD9}" = TurboTax 2010
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{4956225B-6763-4944-9B70-E31403D1DFC9}" = Shareaza
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5D5C44D0-C533-4110-9765-2CCAE0E37126}" = Samsung PC Studio 3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6249C22D-E6A8-407B-BA8B-40298848ED94}" = OmniPage SE
"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9DDD0B95-1F3E-453E-9F12-EACB0DD6B6CF}" = Dealio Toolbar v4.3
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}" = Microsoft Xbox 360 Accessories 1.2
"{DE114695-AE58-4B66-8E0F-2505188602FB}_is1" = Uninstall Startup Inspector
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"BitTorrent" = BitTorrent
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Canon CanoScan Toolbox 4.0" = Canon CanoScan Toolbox 4.0
"conduitEngine" = Conduit Engine
"DivX Setup.divx.com" = DivX Setup
"DriverAgent.exe" = DriverAgent by eSupport.com
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow v1.1.3452 [2010-05-24]
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.94
"Freecorder Toolbar" = Freecorder Toolbar
"Freecorder4.1" = Freecorder
"Fruit_Machine_Emulators" = Fruit Machine Emulators
"ie8" = Windows Internet Explorer 8
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSConfig CleanUp_is1" = MSConfig CleanUp 1.2
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Pixelfusion WMP Plugin_is1" = Pixelfusion WMP Plugin 1.60
"PokerStars" = PokerStars
"Registry Mechanic_is1" = Registry Mechanic 9.0
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"Shareaza" = Shareaza
"SopCast" = SopCast 3.2.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.0
"vShare" = vShare Plugin
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1547161642-2077806209-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/29/2011 1:34:16 AM | Computer Name = LLOYD-6080F3B4F | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module eluwiqul.dll, version 7.0.1601.62, fault address 0x00025e4b.

Error - 4/29/2011 7:49:15 PM | Computer Name = LLOYD-6080F3B4F | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module eluwiqul.dll, version 1.46.0.0, fault address 0x00025e4b.

Error - 4/29/2011 7:55:27 PM | Computer Name = LLOYD-6080F3B4F | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/1/2011 1:25:32 PM | Computer Name = LLOYD-6080F3B4F | Source = Application Hang | ID = 1002
Description = Hanging application vlc.exe, version 1.1.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/2/2011 2:21:49 PM | Computer Name = LLOYD-6080F3B4F | Source = Application Hang | ID = 1002
Description = Hanging application Skype.exe, version 5.1.59.112, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/2/2011 2:23:14 PM | Computer Name = LLOYD-6080F3B4F | Source = Application Hang | ID = 1002
Description = Hanging application Skype.exe, version 5.1.59.112, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/2/2011 2:23:36 PM | Computer Name = LLOYD-6080F3B4F | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ieframe.dll, version 8.0.6001.19048, fault address 0x000de78f.

Error - 5/4/2011 10:06:10 AM | Computer Name = LLOYD-6080F3B4F | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/8/2011 1:19:09 PM | Computer Name = LLOYD-6080F3B4F | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/8/2011 1:19:09 PM | Computer Name = LLOYD-6080F3B4F | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 5/5/2011 5:36:39 PM | Computer Name = LLOYD-6080F3B4F | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the MouseDriver service to
connect.

Error - 5/6/2011 8:01:56 AM | Computer Name = LLOYD-6080F3B4F | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Input Manager service
to connect.

Error - 5/6/2011 8:01:56 AM | Computer Name = LLOYD-6080F3B4F | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the MouseDriver service to
connect.

Error - 5/6/2011 2:53:35 PM | Computer Name = LLOYD-6080F3B4F | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Input Manager service
to connect.

Error - 5/6/2011 2:53:35 PM | Computer Name = LLOYD-6080F3B4F | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the MouseDriver service to
connect.

Error - 5/6/2011 3:24:57 PM | Computer Name = LLOYD-6080F3B4F | Source = Service Control Manager | ID = 7000
Description = The SASDIFSV service failed to start due to the following error: %%183

Error - 5/8/2011 12:57:38 PM | Computer Name = LLOYD-6080F3B4F | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Input Manager service
to connect.

Error - 5/8/2011 12:57:38 PM | Computer Name = LLOYD-6080F3B4F | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the MouseDriver service to
connect.

Error - 5/8/2011 7:47:10 PM | Computer Name = LLOYD-6080F3B4F | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Input Manager service
to connect.

Error - 5/8/2011 7:47:10 PM | Computer Name = LLOYD-6080F3B4F | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the MouseDriver service to
connect.


< End of report >



Thank you very much for your help.

Lloyd

#4 Floydy

Floydy
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:12:08 AM

Posted 08 May 2011 - 08:39 PM

t

Edited by Floydy, 09 May 2011 - 07:21 AM.


#5 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:01:08 AM

Posted 09 May 2011 - 09:37 AM

Hi Lloyd,

Lets get started.

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :OTL
    PRC - [2011/04/27 15:21:37 | 000,047,104 | ---- | M] () -- C:\WINDOWS\Temp\wng703.exe
    IE - HKU\S-1-5-21-1547161642-2077806209-839522115-1003\..\URLSearchHook: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - Reg Error: Value error. File not found
    O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - Reg Error: Value error. File not found
    O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [NPSStartup] File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [2011/04/27 15:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lloyd\Local Settings\Application Data\{8556603F-6C1D-4DB5-9F1C-48E80AD5477B}
    [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\*.tmp files -> C:\*.tmp -> ]
    [2011/05/08 19:46:01 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\tasks\undbw.job
    [2011/05/08 19:45:56 | 000,000,300 | -HS- | M] () -- C:\WINDOWS\tasks\meho.job
    [2011/05/01 13:59:26 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Qvuyanomozolo.dat
    [2011/05/01 13:59:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Mvulubinago.bin
    [2011/04/27 15:21:19 | 000,157,184 | RHS- | M] () -- C:\WINDOWS\System32\dssecz.dll
    [2011/04/27 15:21:19 | 000,157,184 | RHS- | M] () -- C:\WINDOWS\System32\dmintft.dll
    [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\*.tmp files -> C:\*.tmp -> ]
    [2011/05/01 13:59:26 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Qvuyanomozolo.dat
    [2011/05/01 13:59:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Mvulubinago.bin
    [2011/04/27 15:21:21 | 000,000,304 | -HS- | C] () -- C:\WINDOWS\tasks\undbw.job
    [2011/04/27 15:21:21 | 000,000,300 | -HS- | C] () -- C:\WINDOWS\tasks\meho.job
    [2011/04/27 15:21:19 | 000,157,184 | RHS- | C] () -- C:\WINDOWS\System32\dssecz.dll
    [2011/04/27 15:21:19 | 000,157,184 | RHS- | C] () -- C:\WINDOWS\System32\dmintft.dll
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\Temp\Managee.exe"=-
    "C:\WINDOWS\Temp\conima.exe"=-
    "C:\WINDOWS\TEMP\69b5m6she.exe"=-
    "C:\WINDOWS\TEMP\yo7nm5s4v.exe"=-
    :Files
    type "C:\ComboFix.txt" /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#6 Floydy

Floydy
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:12:08 AM

Posted 09 May 2011 - 06:00 PM

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
No active process named wng703.exe was found!
Registry value HKEY_USERS\S-1-5-21-1547161642-2077806209-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{043C5167-00BB-4324-AF7E-62013FAEDACF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ deleted successfully.
C:\Program Files\vShare\vshare_toolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Documents and Settings\Lloyd\Local Settings\Application Data\{8556603F-6C1D-4DB5-9F1C-48E80AD5477B}\chrome\content folder moved successfully.
C:\Documents and Settings\Lloyd\Local Settings\Application Data\{8556603F-6C1D-4DB5-9F1C-48E80AD5477B}\chrome folder moved successfully.
C:\Documents and Settings\Lloyd\Local Settings\Application Data\{8556603F-6C1D-4DB5-9F1C-48E80AD5477B} folder moved successfully.
C:\WINDOWS\System32\ConduitEngine.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET1CC.tmp deleted successfully.
C:\WINDOWS\System32\SET1D0.tmp deleted successfully.
C:\WINDOWS\System32\SET1D1.tmp deleted successfully.
C:\WINDOWS\System32\SET1D8.tmp deleted successfully.
C:\WINDOWS\003062_.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\32788R22FWJFW.0.tmp\firefox.exe deleted successfully.
C:\32788R22FWJFW.0.tmp\iexplore.exe deleted successfully.
C:\32788R22FWJFW.0.tmp folder deleted successfully.
C:\32788R22FWJFW.1.tmp\firefox.exe deleted successfully.
C:\32788R22FWJFW.1.tmp\iexplore.exe deleted successfully.
C:\32788R22FWJFW.1.tmp folder deleted successfully.
C:\32788R22FWJFW.2.tmp\N_\1878 deleted successfully.
C:\32788R22FWJFW.2.tmp\N_\23735 deleted successfully.
C:\32788R22FWJFW.2.tmp\N_ folder deleted successfully.
C:\32788R22FWJFW.2.tmp\License\Curl - license.txt deleted successfully.
C:\32788R22FWJFW.2.tmp\License\dumphive-license.txt deleted successfully.
C:\32788R22FWJFW.2.tmp\License\EXTRACT.TXT deleted successfully.
C:\32788R22FWJFW.2.tmp\License\FI - license.txt deleted successfully.
C:\32788R22FWJFW.2.tmp\License\firefox.exe deleted successfully.
C:\32788R22FWJFW.2.tmp\License\iexplore.exe deleted successfully.
C:\32788R22FWJFW.2.tmp\License\mtee.txt.txt deleted successfully.
C:\32788R22FWJFW.2.tmp\License\ncmd.cfxxe deleted successfully.
C:\32788R22FWJFW.2.tmp\License\pv_5_2_2.zip deleted successfully.
C:\32788R22FWJFW.2.tmp\License\streamtools.zip deleted successfully.
C:\32788R22FWJFW.2.tmp\License\UnxUtilsDist.com deleted successfully.
C:\32788R22FWJFW.2.tmp\License\UnxUtilsDist.html deleted successfully.
C:\32788R22FWJFW.2.tmp\License\UnxUtilsDist.pif deleted successfully.
C:\32788R22FWJFW.2.tmp\License\Zip - license.txt deleted successfully.
C:\32788R22FWJFW.2.tmp\License folder deleted successfully.
C:\32788R22FWJFW.2.tmp\EN-US folder deleted successfully.
C:\32788R22FWJFW.2.tmp\firefox.exe deleted successfully.
C:\32788R22FWJFW.2.tmp\FIXLSP.bat deleted successfully.
C:\32788R22FWJFW.2.tmp\FKMGen.cmd deleted successfully.
C:\32788R22FWJFW.2.tmp\GetHive.cmd deleted successfully.
C:\32788R22FWJFW.2.tmp\grep.cfxxe deleted successfully.
C:\32788R22FWJFW.2.tmp\gsar.cfxxe deleted successfully.
C:\32788R22FWJFW.2.tmp\handle.cfxxe deleted successfully.
C:\32788R22FWJFW.2.tmp\HDPEInfo.cfxxe deleted successfully.
C:\32788R22FWJFW.2.tmp\hidec.exe deleted successfully.
C:\32788R22FWJFW.2.tmp\history.bat deleted successfully.
C:\32788R22FWJFW.2.tmp\hwid.pif deleted successfully.
C:\32788R22FWJFW.2.tmp\iexplore.exe deleted successfully.
C:\32788R22FWJFW.2.tmp\image001.gif deleted successfully.
C:\32788R22FWJFW.2.tmp\Imefile.dat deleted successfully.
C:\32788R22FWJFW.2.tmp\Install-RC.cmd deleted successfully.
C:\32788R22FWJFW.2.tmp\katch.cmd deleted successfully.
C:\32788R22FWJFW.2.tmp\Kill-All.cmd deleted successfully.
C:\32788R22FWJFW.2.tmp\Lang.bat deleted successfully.
C:\32788R22FWJFW.2.tmp\List-B.bat deleted successfully.
C:\32788R22FWJFW.2.tmp\List-C.bat deleted successfully.
C:\32788R22FWJFW.2.tmp\List-D.bat deleted successfully.
C:\32788R22FWJFW.2.tmp\List.bat deleted successfully.
C:\32788R22FWJFW.2.tmp\lnkread.vbs deleted successfully.
C:\32788R22FWJFW.2.tmp\LocalAppDataFile.cfx deleted successfully.
C:\32788R22FWJFW.2.tmp\LocalAppDataFolder.cfx deleted successfully.
C:\32788R22FWJFW.2.tmp\LocalService.dat deleted successfully.
C:\32788R22FWJFW.2.tmp\LocalServiceNetworkRestricted.dat deleted successfully.
C:\32788R22FWJFW.2.tmp\LocalSettingsFile.cfx deleted successfully.
C:\32788R22FWJFW.2.tmp\LocalSystemNetworkRestricted.dat deleted successfully.
C:\32788R22FWJFW.2.tmp\mbr.cfxxe deleted successfully.
C:\32788R22FWJFW.2.tmp\mbr.chk deleted successfully.
C:\32788R22FWJFW.2.tmp\md5sum.pif deleted successfully.
C:\32788R22FWJFW.2.tmp\MoveIt.bat deleted successfully.
C:\32788R22FWJFW.2.tmp\mtee.cfxxe deleted successfully.
C:\32788R22FWJFW.2.tmp\MtPt00 deleted successfully.
C:\32788R22FWJFW.2.tmp\mynul.dat deleted successfully.
C:\32788R22FWJFW.2.tmp\ncmd.com deleted successfully.
C:\32788R22FWJFW.2.tmp\ndis_combofix.dat deleted successfully.
C:\32788R22FWJFW.2.tmp\ND_.bat deleted successfully.
C:\32788R22FWJFW.2.tmp\ND_64.bat deleted successfully.
C:\32788R22FWJFW.2.tmp\netsvc.bad.dat deleted successfully.
C:\32788R22FWJFW.2.tmp\netsvc.dat deleted successfully.
C:\32788R22FWJFW.2.tmp\netsvc.vista.dat deleted successfully.
C:\32788R22FWJFW.2.tmp\netsvc.xp.dat deleted successfully.
C:\32788R22FWJFW.2.tmp\NetworkService.dat deleted successfully.
C:\32788R22FWJFW.2.tmp\NirCmd.cfxxe deleted successfully.
C:\32788R22FWJFW.2.tmp\NircmdB.exe deleted successfully.
C:\32788R22FWJFW.2.tmp\NirCmdC.cfxxe deleted successfully.
C:\32788R22FWJFW.2.tmp\NIRKMD.cfxxe deleted successfully.
C:\32788R22FWJFW.2.tmp\NlsLanguageDefault deleted successfully.
C:\32788R22FWJFW.2.tmp\NT-OS.cmd deleted successfully.
C:\32788R22FWJFW.2.tmp\OSid.vbs deleted successfully.
C:\32788R22FWJFW.2.tmp\OsVer deleted successfully.
C:\32788R22FWJFW.2.tmp\P.cmd deleted successfully.
C:\32788R22FWJFW.2.tmp\pausep.cfxxe deleted successfully.
C:\32788R22FWJFW.2.tmp\PersonalFile.cfx deleted successfully.
C:\32788R22FWJFW.2.tmp\PersonalFolder.cfx deleted successfully.
C:\32788R22FWJFW.2.tmp\PEV.cfxxe deleted successfully.
C:\32788R22FWJFW.2.tmp\pev.exe deleted successfully.
C:\32788R22FWJFW.2.tmp\pevb.cfxxe deleted successfully.
C:\32788R22FWJFW.2.tmp\PING.cfxxe deleted successfully.
C:\32788R22FWJFW.2.tmp\Policies.dat deleted successfully.
C:\32788R22FWJFW.2.tmp\powp.dat deleted successfully.
C:\32788R22FWJFW.2.tmp\prep.done deleted successfully.
C:\32788R22FWJFW.2.tmp\Prep.inf deleted successfully.
C:\32788R22FWJFW.2.tmp\ProfilesFile.cfx deleted successfully.
C:\32788R22FWJFW.2.tmp\ProfilesFolder.cfx deleted successfully.
C:\32788R22FWJFW.2.tmp\ProgramsFile.cfx deleted successfully.
C:\32788R22FWJFW.2.tmp\ProgramsFolder.cfx deleted successfully.
C:\32788R22FWJFW.2.tmp\Purity.dat deleted successfully.
C:\32788R22FWJFW.2.tmp\PV.cfxxe deleted successfully.
C:\32788R22FWJFW.2.tmp\pv.com deleted successfully.
C:\32788R22FWJFW.2.tmp\RCLink.dat deleted successfully.
C:\32788R22FWJFW.2.tmp\REGDACL.sed deleted successfully.
C:\32788R22FWJFW.2.tmp\RegDo.sed deleted successfully.
C:\32788R22FWJFW.2.tmp\region.dat deleted successfully.
C:\32788R22FWJFW.2.tmp\RegScan.cmd deleted successfully.
C:\32788R22FWJFW.2.tmp\RegScan64.cmd deleted successfully.
C:\32788R22FWJFW.2.tmp\Resident.txt deleted successfully.
C:\32788R22FWJFW.2.tmp\restore_pt.vbs deleted successfully.
C:\32788R22FWJFW.2.tmp\Rkey.cmd deleted successfully.
C:\32788R22FWJFW.2.tmp\rmbr.cfxxe deleted successfully.
C:\32788R22FWJFW.2.tmp\rogues.dat deleted successfully.
C:\32788R22FWJFW.2.tmp\ROUTE.cfxxe deleted successfully.
C:\32788R22FWJFW.2.tmp\run2.sed deleted successfully.
C:\32788R22FWJFW.2.tmp\Rust.str deleted successfully.
C:\32788R22FWJFW.2.tmp\s0rt.cfxxe deleted successfully.
C:\32788R22FWJFW.2.tmp\safeboot.dat deleted successfully.
C:\32788R22FWJFW.2.tmp\safeboot.def.dat deleted successfully.
C:\32788R22FWJFW.2.tmp\safeboot.def.vista.dat deleted successfully.
C:\32788R22FWJFW.2.tmp\Safeboot.def.w7.dat deleted successfully.
C:\32788R22FWJFW.2.tmp\sed.cfxxe deleted successfully.
C:\32788R22FWJFW.2.tmp\SetEnvmt.bat deleted successfully.
C:\32788R22FWJFW.2.tmp\setpath.cfxxe deleted successfully.
C:\32788R22FWJFW.2.tmp\sfx.cmd deleted successfully.
C:\32788R22FWJFW.2.tmp\SnapShot.cmd deleted successfully.
C:\32788R22FWJFW.2.tmp\SRestore.cmd deleted successfully.
C:\32788R22FWJFW.2.tmp\srizbi.md5 deleted successfully.
C:\32788R22FWJFW.2.tmp\StartMenuFile.cfx deleted successfully.
C:\32788R22FWJFW.2.tmp\StartMenuFolder.cfx deleted successfully.
C:\32788R22FWJFW.2.tmp\StartUpFile.cfx deleted successfully.
C:\32788R22FWJFW.2.tmp\SuppScan.cmd deleted successfully.
C:\32788R22FWJFW.2.tmp\SvcDrv.vbs deleted successfully.
C:\32788R22FWJFW.2.tmp\svchost.dat deleted successfully.
C:\32788R22FWJFW.2.tmp\svchost.vista.dat deleted successfully.
C:\32788R22FWJFW.2.tmp\svchost.vista.x64.dat deleted successfully.
C:\32788R22FWJFW.2.tmp\svchost.w7.dat deleted successfully.
C:\32788R22FWJFW.2.tmp\svchost.w7.x64.dat deleted successfully.
C:\32788R22FWJFW.2.tmp\svc_wht.dat deleted successfully.
C:\32788R22FWJFW.2.tmp\SWREG.cfxxe deleted successfully.
C:\32788R22FWJFW.2.tmp\swreg.exe deleted successfully.
C:\32788R22FWJFW.2.tmp\swsc.cfxxe deleted successfully.
C:\32788R22FWJFW.2.tmp\swxcacls.cfxxe deleted successfully.
C:\32788R22FWJFW.2.tmp\system_ini.dat deleted successfully.
C:\32788R22FWJFW.2.tmp\tail.cfxxe deleted successfully.
C:\32788R22FWJFW.2.tmp\TemplatesFile.cfx deleted successfully.
C:\32788R22FWJFW.2.tmp\TemplatesFolder.cfx deleted successfully.
C:\32788R22FWJFW.2.tmp\toolbar.sed deleted successfully.
C:\32788R22FWJFW.2.tmp\Update-CF.cmd deleted successfully.
C:\32788R22FWJFW.2.tmp\VerCF.bat deleted successfully.
C:\32788R22FWJFW.2.tmp\VInfo deleted successfully.
C:\32788R22FWJFW.2.tmp\VInfo2 deleted successfully.
C:\32788R22FWJFW.2.tmp\Vipev.dat deleted successfully.
C:\32788R22FWJFW.2.tmp\vistaMcode.dat deleted successfully.
C:\32788R22FWJFW.2.tmp\vistareg.dat deleted successfully.
C:\32788R22FWJFW.2.tmp\vun.dat deleted successfully.
C:\32788R22FWJFW.2.tmp\VwinTemp.dacl deleted successfully.
C:\32788R22FWJFW.2.tmp\w2kreg.dat deleted successfully.
C:\32788R22FWJFW.2.tmp\w2k_sock.dll deleted successfully.
C:\32788R22FWJFW.2.tmp\w7Mcode.dat deleted successfully.
C:\32788R22FWJFW.2.tmp\w7reg.dat deleted successfully.
C:\32788R22FWJFW.2.tmp\Wmi_rem.vbs deleted successfully.
C:\32788R22FWJFW.2.tmp\w_sock.dll deleted successfully.
C:\32788R22FWJFW.2.tmp\XP.mac deleted successfully.
C:\32788R22FWJFW.2.tmp\xpmcode.dat deleted successfully.
C:\32788R22FWJFW.2.tmp\xpreg.dat deleted successfully.
C:\32788R22FWJFW.2.tmp\XPSBoot.reg deleted successfully.
C:\32788R22FWJFW.2.tmp\zDomain.dat deleted successfully.
C:\32788R22FWJFW.2.tmp\zhsvc.dat deleted successfully.
C:\32788R22FWJFW.2.tmp\zip.cfxxe deleted successfully.
C:\32788R22FWJFW.2.tmp folder deleted successfully.
C:\WINDOWS\tasks\undbw.job moved successfully.
C:\WINDOWS\tasks\meho.job moved successfully.
C:\WINDOWS\Qvuyanomozolo.dat moved successfully.
C:\WINDOWS\Mvulubinago.bin moved successfully.
C:\WINDOWS\system32\dssecz.dll moved successfully.
C:\WINDOWS\system32\dmintft.dll moved successfully.
File C:\WINDOWS\Qvuyanomozolo.dat not found.
File C:\WINDOWS\Mvulubinago.bin not found.
File C:\WINDOWS\tasks\undbw.job not found.
File C:\WINDOWS\tasks\meho.job not found.
File C:\WINDOWS\System32\dssecz.dll not found.
File C:\WINDOWS\System32\dmintft.dll not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\Temp\Managee.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\Temp\conima.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\TEMP\69b5m6she.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\TEMP\yo7nm5s4v.exe deleted successfully.
========== FILES ==========
< type "C:\ComboFix.txt" /c >
C:\Documents and Settings\Lloyd\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Lloyd\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Lloyd\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Lloyd\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 371272 bytes
->Temporary Internet Files folder emptied: 327974 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Lloyd
->Temp folder emptied: 2995251320 bytes
->Temporary Internet Files folder emptied: 1522983989 bytes
->Java cache emptied: 2755823 bytes
->Google Chrome cache emptied: 106059865 bytes
->Flash cache emptied: 2745142 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 27498537 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 104845552 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4,542.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Lloyd
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05092011_183938

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

This the report i was presented with after running the above fix.

Many thanks

Lloyd

#7 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:01:08 AM

Posted 10 May 2011 - 10:27 AM

Hi Lloyd!

Please run this tool:


Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
  • IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#8 Floydy

Floydy
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:12:08 AM

Posted 10 May 2011 - 04:11 PM

Hi, thanks for the reply. I ran combofix, installed recovery console and everything was going well until after stage 50 it said 'deleting files' and then i a got a bsod and my computer restarted. I haven't tried running it again as stated above.

Thanks

Lloyd

#9 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:01:08 AM

Posted 10 May 2011 - 05:27 PM

Lloyd,

Please see if ComboFix created a log file in your C:\ drive.

Locating ComboFix Log
  • Right click on START on the left end of your Windows toolbar (lower left corner of your screen)
  • Click on Explore
  • Click on Local Disk (C:) in the left-hand window pane
  • Look for ComboFix.txt in the right-hand window pane and right click on it
  • Put your cursor (arrow) on Open With
  • Move your cursor to the new menu that opens and click on Choose Program...
  • Click on Notepad

When file opens, Copy/Paste text here.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#10 Floydy

Floydy
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:12:08 AM

Posted 10 May 2011 - 05:36 PM

Sorry, there is no log in the location you specified.

Thanks

Lloyd

#11 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:01:08 AM

Posted 10 May 2011 - 05:44 PM

Please run this tool:


Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#12 Floydy

Floydy
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:12:08 AM

Posted 10 May 2011 - 05:58 PM

2011/05/10 18:55:53.0046 2112 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/10 18:55:53.0609 2112 ================================================================================
2011/05/10 18:55:53.0609 2112 SystemInfo:
2011/05/10 18:55:53.0609 2112
2011/05/10 18:55:53.0609 2112 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/10 18:55:53.0609 2112 Product type: Workstation
2011/05/10 18:55:53.0609 2112 ComputerName: LLOYD-6080F3B4F
2011/05/10 18:55:53.0609 2112 UserName: Lloyd
2011/05/10 18:55:53.0609 2112 Windows directory: C:\WINDOWS
2011/05/10 18:55:53.0609 2112 System windows directory: C:\WINDOWS
2011/05/10 18:55:53.0609 2112 Processor architecture: Intel x86
2011/05/10 18:55:53.0609 2112 Number of processors: 2
2011/05/10 18:55:53.0609 2112 Page size: 0x1000
2011/05/10 18:55:53.0609 2112 Boot type: Normal boot
2011/05/10 18:55:53.0609 2112 ================================================================================
2011/05/10 18:55:53.0859 2112 Initialize success
2011/05/10 18:56:12.0562 1816 ================================================================================
2011/05/10 18:56:12.0562 1816 Scan started
2011/05/10 18:56:12.0562 1816 Mode: Manual;
2011/05/10 18:56:12.0562 1816 ================================================================================
2011/05/10 18:56:12.0781 1816 Aavmker4 (78a4db23bb4e8d4349e164d1d90af73f) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/05/10 18:56:12.0859 1816 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/10 18:56:12.0890 1816 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/05/10 18:56:12.0937 1816 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/10 18:56:12.0984 1816 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/10 18:56:13.0078 1816 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/05/10 18:56:13.0156 1816 aswFsBlk (9bdb29e81abceb883556df44649696c4) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/05/10 18:56:13.0171 1816 aswMon2 (2ce6da466687cbb3b97e59f8831a27cb) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/05/10 18:56:13.0187 1816 aswRdr (a90cf680ca7a323913ca3a0810c8e02d) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/05/10 18:56:13.0218 1816 aswSnx (f7969934cca2e566e95df17380a3cb11) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/05/10 18:56:13.0234 1816 aswSP (478d6a0e0630c31bf4a7f5eb0a05b92c) C:\WINDOWS\system32\drivers\aswSP.sys
2011/05/10 18:56:13.0265 1816 aswTdi (e52e45743e27fd6184c55618a10b81ab) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/05/10 18:56:13.0312 1816 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/10 18:56:13.0343 1816 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/10 18:56:13.0390 1816 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/10 18:56:13.0437 1816 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/10 18:56:13.0484 1816 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/10 18:56:13.0625 1816 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/10 18:56:13.0640 1816 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/05/10 18:56:13.0687 1816 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/10 18:56:13.0703 1816 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/10 18:56:13.0734 1816 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/10 18:56:13.0796 1816 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/05/10 18:56:13.0843 1816 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/05/10 18:56:13.0937 1816 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/10 18:56:14.0000 1816 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/10 18:56:14.0031 1816 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/10 18:56:14.0062 1816 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/10 18:56:14.0109 1816 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/10 18:56:14.0140 1816 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/10 18:56:14.0187 1816 DrvAgent32 (651554e483712b708ede864d0ca1aa73) C:\WINDOWS\system32\Drivers\DrvAgent32.sys
2011/05/10 18:56:14.0234 1816 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/10 18:56:14.0281 1816 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/05/10 18:56:14.0328 1816 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/10 18:56:14.0359 1816 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/05/10 18:56:14.0390 1816 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/10 18:56:14.0453 1816 FsUsbExDisk (cbe5f69a5e5b918225f420ba748f3742) C:\WINDOWS\system32\FsUsbExDisk.SYS
2011/05/10 18:56:14.0468 1816 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/10 18:56:14.0500 1816 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/10 18:56:14.0546 1816 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/05/10 18:56:14.0562 1816 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/10 18:56:14.0609 1816 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/05/10 18:56:14.0625 1816 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/10 18:56:14.0687 1816 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys
2011/05/10 18:56:14.0718 1816 HpqRemHid (115c0933b3ed51dfbec4449348c8065b) C:\WINDOWS\system32\DRIVERS\HpqRemHid.sys
2011/05/10 18:56:14.0750 1816 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/10 18:56:14.0812 1816 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/10 18:56:14.0859 1816 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/05/10 18:56:14.0890 1816 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/10 18:56:15.0093 1816 IntcAzAudAddService (7a9299f48d6f2e802e5b0e0dc508842a) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/05/10 18:56:15.0171 1816 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/10 18:56:15.0218 1816 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/10 18:56:15.0250 1816 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/10 18:56:15.0281 1816 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/10 18:56:15.0328 1816 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/10 18:56:15.0343 1816 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/10 18:56:15.0375 1816 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/10 18:56:15.0406 1816 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/10 18:56:15.0437 1816 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/10 18:56:15.0453 1816 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/10 18:56:15.0484 1816 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/10 18:56:15.0500 1816 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/10 18:56:15.0562 1816 MBAMProtector (67b48a903430c6d4fb58cbaca1866601) C:\WINDOWS\system32\drivers\mbam.sys
2011/05/10 18:56:15.0625 1816 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/10 18:56:15.0671 1816 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/10 18:56:15.0687 1816 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/10 18:56:15.0718 1816 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/10 18:56:15.0750 1816 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/10 18:56:15.0781 1816 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/10 18:56:15.0843 1816 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/10 18:56:15.0875 1816 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/10 18:56:15.0906 1816 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/10 18:56:15.0937 1816 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/10 18:56:15.0984 1816 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/10 18:56:16.0015 1816 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/10 18:56:16.0062 1816 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/10 18:56:16.0093 1816 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/10 18:56:16.0125 1816 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/10 18:56:16.0156 1816 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/10 18:56:16.0171 1816 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/10 18:56:16.0187 1816 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/10 18:56:16.0203 1816 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/10 18:56:16.0218 1816 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/10 18:56:16.0250 1816 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/10 18:56:16.0265 1816 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/10 18:56:16.0312 1816 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/10 18:56:16.0468 1816 NETw5x32 (cfe1981a47a2f7650a1ef8917dc4d1c3) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
2011/05/10 18:56:16.0609 1816 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/05/10 18:56:16.0625 1816 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/10 18:56:16.0687 1816 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/10 18:56:16.0734 1816 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/10 18:56:17.0015 1816 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/10 18:56:17.0265 1816 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/10 18:56:17.0281 1816 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/10 18:56:17.0312 1816 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/05/10 18:56:17.0359 1816 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/05/10 18:56:17.0375 1816 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/10 18:56:17.0406 1816 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/10 18:56:17.0421 1816 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/10 18:56:17.0468 1816 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/10 18:56:17.0531 1816 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/10 18:56:17.0687 1816 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/10 18:56:17.0703 1816 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/10 18:56:17.0718 1816 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/10 18:56:17.0750 1816 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/10 18:56:17.0859 1816 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/10 18:56:17.0890 1816 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/10 18:56:17.0906 1816 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/10 18:56:17.0921 1816 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/10 18:56:17.0953 1816 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/10 18:56:17.0984 1816 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/10 18:56:18.0000 1816 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/10 18:56:18.0031 1816 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/10 18:56:18.0078 1816 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/10 18:56:18.0109 1816 rimmptsk (c35ca13d3627ebd9dd12a23ce781bc3d) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2011/05/10 18:56:18.0125 1816 rimsptsk (c398bca91216755b098679a8da8a2300) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2011/05/10 18:56:18.0140 1816 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
2011/05/10 18:56:18.0250 1816 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/05/10 18:56:18.0250 1816 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/05/10 18:56:18.0312 1816 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/05/10 18:56:18.0359 1816 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/10 18:56:18.0406 1816 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/05/10 18:56:18.0453 1816 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2011/05/10 18:56:18.0468 1816 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2011/05/10 18:56:18.0515 1816 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/10 18:56:18.0578 1816 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/10 18:56:18.0703 1816 SNP2UVC (cb403d702d0c6b558cf656646e71db7f) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
2011/05/10 18:56:18.0875 1816 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/10 18:56:18.0906 1816 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/10 18:56:18.0953 1816 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/10 18:56:19.0015 1816 ss_bus (54946449a0eb74915a4bb34f7ee51a5a) C:\WINDOWS\system32\DRIVERS\ss_bus.sys
2011/05/10 18:56:19.0062 1816 ss_mdfl (4450bc0b2e9d7d9b90e3c3de4ea00a78) C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
2011/05/10 18:56:19.0078 1816 ss_mdm (30b8d0dd01ead1243f329caf7d7d1517) C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
2011/05/10 18:56:19.0109 1816 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
2011/05/10 18:56:19.0140 1816 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/10 18:56:19.0187 1816 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/10 18:56:19.0203 1816 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/10 18:56:19.0312 1816 SynTP (0f332c0ba9b968ebc8cbb906416f8597) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/05/10 18:56:19.0359 1816 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/10 18:56:19.0406 1816 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
2011/05/10 18:56:19.0468 1816 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/10 18:56:19.0531 1816 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/10 18:56:19.0562 1816 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/10 18:56:19.0625 1816 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/10 18:56:19.0687 1816 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/10 18:56:19.0734 1816 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/10 18:56:19.0781 1816 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/05/10 18:56:19.0828 1816 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/10 18:56:19.0875 1816 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/10 18:56:19.0906 1816 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/10 18:56:19.0937 1816 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/10 18:56:19.0968 1816 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/10 18:56:19.0984 1816 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/10 18:56:20.0015 1816 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/10 18:56:20.0031 1816 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/05/10 18:56:20.0062 1816 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/10 18:56:20.0109 1816 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/10 18:56:20.0171 1816 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/10 18:56:20.0218 1816 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/05/10 18:56:20.0265 1816 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/10 18:56:20.0328 1816 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/05/10 18:56:20.0390 1816 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/10 18:56:20.0453 1816 xusb21 (09e5340bd9b2cb730bf4dc6be7721291) C:\WINDOWS\system32\DRIVERS\xusb21.sys
2011/05/10 18:56:20.0656 1816 ================================================================================
2011/05/10 18:56:20.0656 1816 Scan finished
2011/05/10 18:56:20.0656 1816 ================================================================================

This is the log file, nothing was detected.

#13 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:01:08 AM

Posted 10 May 2011 - 06:07 PM

hmm..

Not what I was expecting.

Please try running ComboFix again.

Please attempt to run it in Safe Mode.

Entering Safe Mode

  • Restart your computer.
  • As the computer starts to boot-up, Tap the F8 KEY repeatedly,
  • This will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll to Safe Mode
  • Then press the Enter Key on your Keyboard
  • Go into your usual account

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#14 Floydy

Floydy
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:12:08 AM

Posted 10 May 2011 - 06:37 PM

So I ran Combofix in safemode everything worked fine and my computer rebooted afterwards, after it had restarted it carried on writing the log into a .txt file which it then notified me of where it was saving it, when instructed to wait a few seconds for the log file to open I got a bsod again. But this time i do have the log file, please see below.

ComboFix 11-05-09.03 - Lloyd 05/10/2011 19:18:41.2.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2712 [GMT -4:00]
Running from: C:\Documents and Settings\Lloyd\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Lloyd\Application Data\Dealio
C:\Documents and Settings\Lloyd\Application Data\Dealio\res\widgets.xml
C:\Documents and Settings\Lloyd\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
C:\Documents and Settings\Lloyd\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_top_7days__cnid=[CHANNEL_ID]&ccv=[CODE_VER]&ISN=[ISN].xml
C:\Documents and Settings\Lloyd\Application Data\PriceGong
C:\Documents and Settings\Lloyd\Application Data\PriceGong\Data\1.xml
C:\Documents and Settings\Lloyd\Application Data\PriceGong\Data\a.xml
C:\Documents and Settings\Lloyd\Application Data\PriceGong\Data\b.xml
C:\Documents and Settings\Lloyd\Application Data\PriceGong\Data\c.xml
C:\Documents and Settings\Lloyd\Application Data\PriceGong\Data\d.xml
C:\Documents and Settings\Lloyd\Application Data\PriceGong\Data\e.xml
C:\Documents and Settings\Lloyd\Application Data\PriceGong\Data\f.xml
C:\Documents and Settings\Lloyd\Application Data\PriceGong\Data\g.xml
C:\Documents and Settings\Lloyd\Application Data\PriceGong\Data\h.xml
C:\Documents and Settings\Lloyd\Application Data\PriceGong\Data\i.xml
C:\Documents and Settings\Lloyd\Application Data\PriceGong\Data\J.xml
C:\Documents and Settings\Lloyd\Application Data\PriceGong\Data\k.xml
C:\Documents and Settings\Lloyd\Application Data\PriceGong\Data\l.xml
C:\Documents and Settings\Lloyd\Application Data\PriceGong\Data\m.xml
C:\Documents and Settings\Lloyd\Application Data\PriceGong\Data\mru.xml
C:\Documents and Settings\Lloyd\Application Data\PriceGong\Data\n.xml
C:\Documents and Settings\Lloyd\Application Data\PriceGong\Data\o.xml
C:\Documents and Settings\Lloyd\Application Data\PriceGong\Data\p.xml
C:\Documents and Settings\Lloyd\Application Data\PriceGong\Data\q.xml
C:\Documents and Settings\Lloyd\Application Data\PriceGong\Data\r.xml
C:\Documents and Settings\Lloyd\Application Data\PriceGong\Data\s.xml
C:\Documents and Settings\Lloyd\Application Data\PriceGong\Data\t.xml
C:\Documents and Settings\Lloyd\Application Data\PriceGong\Data\u.xml
C:\Documents and Settings\Lloyd\Application Data\PriceGong\Data\v.xml
C:\Documents and Settings\Lloyd\Application Data\PriceGong\Data\w.xml
C:\Documents and Settings\Lloyd\Application Data\PriceGong\Data\x.xml
C:\Documents and Settings\Lloyd\Application Data\PriceGong\Data\y.xml
C:\Documents and Settings\Lloyd\Application Data\PriceGong\Data\z.xml
C:\Documents and Settings\Lloyd\WINDOWS
C:\Program Files\Search Settings


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_INPUT_MANAGER
-------\Legacy_MOUSEDRIVER
-------\Legacy_PLUG_MANAGER
-------\Service_Input Manager
-------\Service_MouseDriver
-------\Service_Plug Manager


((((((((((((((((((((((((( Files Created from 2011-04-10 to 2011-05-10 )))))))))))))))))))))))))))))))


2011-05-09 22:04:28 . 2011-05-09 22:04:28 -------- d-----w- C:\_OTL
2011-05-02 18:27:16 . 2011-05-02 18:27:44 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Skype Extras
2011-05-02 18:26:46 . 2011-05-02 18:26:46 -------- d-----w- C:\Program Files\Common Files\Skype
2011-04-27 21:44:28 . 2011-04-27 23:38:27 -------- d-----w- C:\Documents and Settings\Administrator
2011-04-27 20:43:52 . 2011-04-18 17:17:46 441176 ----a-w- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-04-27 20:36:50 . 2010-04-29 19:39:26 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2011-04-27 20:36:48 . 2010-04-29 19:39:38 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-04-27 20:36:46 . 2011-04-27 21:02:17 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2011-04-27 20:31:00 . 2011-04-27 20:31:00 -------- d-----w- C:\Documents and Settings\Lloyd\Application Data\Malwarebytes
2011-04-27 20:30:51 . 2011-04-27 20:30:51 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2011-04-27 20:21:39 . 2011-04-27 20:21:39 -------- d-----w- C:\WINDOWS\system32\LogFiles
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-04-18 17:25:12 . 2010-07-19 20:13:02 40112 ----a-w- C:\WINDOWS\avastSS.scr
2011-04-18 17:25:10 . 2010-07-19 20:13:02 199304 ----a-w- C:\WINDOWS\system32\aswBoot.exe
2011-04-18 17:17:34 . 2010-07-19 20:13:10 307288 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys
2011-04-18 17:16:18 . 2010-07-19 20:13:10 49240 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-04-18 17:16:06 . 2010-07-19 20:13:10 102488 ----a-w- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-04-18 17:16:02 . 2010-07-19 20:13:10 96344 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys
2011-04-18 17:13:21 . 2010-07-19 20:13:10 25432 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-04-18 17:13:02 . 2010-07-19 20:13:10 30680 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-04-18 17:12:58 . 2010-07-19 20:13:10 19544 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-03-22 16:18:41 . 2011-03-22 16:18:40 5461664 ----a-w- C:\Program Files\m4a-to-mp3-converter.exe
2011-03-07 05:33:50 . 2010-07-08 16:58:39 692736 ----a-w- C:\WINDOWS\system32\inetcomm.dll
2011-03-04 06:37:06 . 2004-08-04 12:00:00 420864 ----a-w- C:\WINDOWS\system32\vbscript.dll
2011-03-03 13:21:11 . 2004-08-04 12:00:00 1857920 ----a-w- C:\WINDOWS\system32\win32k.sys
2011-02-22 23:06:29 . 2004-08-04 12:00:00 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2011-02-22 23:06:29 . 2004-08-04 12:00:00 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll
2011-02-22 23:06:29 . 2004-08-04 12:00:00 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl
2011-02-22 11:41:59 . 2004-08-04 12:00:00 385024 ----a-w- C:\WINDOWS\system32\html.iec
2011-02-17 13:18:24 . 2004-08-04 12:00:00 455936 ----a-w- C:\WINDOWS\system32\drivers\mrxsmb.sys
2011-02-17 13:18:03 . 2004-08-04 12:00:00 357888 ----a-w- C:\WINDOWS\system32\drivers\srv.sys
2011-02-17 12:32:12 . 2010-07-19 18:54:55 5120 ----a-w- C:\WINDOWS\system32\xpsp4res.dll
2011-02-15 12:56:39 . 2004-08-04 12:00:00 290432 ----a-w- C:\WINDOWS\system32\atmfd.dll
2010-03-23 14:05:20 . 2011-03-22 16:38:48 581120 ----a-w- C:\Program Files\lame.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2011-01-17 14:54:02 175912 ----a-w- C:\Program Files\Freecorder\prxtbFre0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54:02 175912 ----a-w- C:\Program Files\ConduitEngine\prxConduitEngine.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "C:\Program Files\Freecorder\prxtbFre0.dll" [2011-01-17 14:54:02 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "C:\Program Files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 14:54:02 175912]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "C:\Program Files\Freecorder\prxtbFre0.dll" [2011-01-17 14:54:02 175912]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25:04 122512 ----a-w- C:\Program Files\Alwil Software\Avast5\ashShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-24 00:36:30 455968]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-06 19:24:55 2424192]
"AutoStartNPSAgent"="C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 23:13:56 95576]
"RegistryMechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [2009-10-14 20:43:06 3217368]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 00:12:16 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 22:15:40 480560]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29:10 102400]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 22:44:58 178712]
"QlbCtrl.exe"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 23:14:02 202032]
"snp2uvc"="C:\WINDOWS\system32\csnp2uvc.dll" [2009-02-16 17:32:38 196608]
"RTHDCPL"="RTHDCPL.EXE" [2010-05-01 00:22:34 19523616]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 18:37:40 932288]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 15:44:34 31072]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2010-07-09 23:24:34 13923432]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2010-08-10 09:15:54 421888]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2010-09-01 12:32:00 421160]
"DivXUpdate"="C:\Program Files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 20:04:06 1164584]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 16:44:46 248552]
"XboxStat"="c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 22:57:20 718688]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-02-21 01:01:32 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 05:05:53 40368]
"SearchSettings"="C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-01-28 22:36:42 526336]
"Freecorder FLV Service"="C:\Program Files\Freecorder\FLVSrvc.exe" [2010-06-26 17:09:18 167936]
"Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 19:39:32 437584]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 17:13:36 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21:41 548352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\Lloyd\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"C:\\Program Files\\Shareaza Applications\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSnx;aswSnx;C:\WINDOWS\system32\drivers\aswSnx.sys [4/27/2011 4:43:52 PM 441176]
R1 aswSP;aswSP;C:\WINDOWS\system32\drivers\aswSP.sys [7/19/2010 4:13:10 PM 307288]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25:48 PM 12872]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41:30 PM 67656]
R2 Application Updater;Application Updater;C:\Program Files\Application Updater\ApplicationUpdater.exe [1/28/2011 6:10:28 PM 387072]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [7/19/2010 4:13:10 PM 19544]
R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [7/23/2010 9:58:35 AM 238952]
R2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [4/27/2011 4:36:50 PM 304464]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [11/15/2010 11:03:51 PM 583640]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [7/8/2010 1:29:37 PM 193840]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [7/23/2010 9:58:35 AM 36608]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\system32\drivers\mbam.sys [4/27/2011 4:36:50 PM 20952]
S1 SABKUTIL;SABKUTIL;\??\C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys --> C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys [?]
S3 DrvAgent32;DrvAgent32;C:\WINDOWS\system32\drivers\DrvAgent32.sys [7/19/2010 12:33:34 PM 23456]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-24 00:34:48 451872 ----a-w- C:\Program Files\Common Files\LightScribe\LSRunOnce.exe

Contents of the 'Scheduled Tasks' folder

2011-05-01 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-2077806209-839522115-1003Core.job
- C:\Documents and Settings\Lloyd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-20 01:10:54 . 2011-03-20 01:10:53]

2011-05-10 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-2077806209-839522115-1003UA.job
- C:\Documents and Settings\Lloyd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-20 01:10:54 . 2011-03-20 01:10:53]

2011-05-10 C:\WINDOWS\Tasks\WGASetup.job
- C:\WINDOWS\system32\KB905474\wgasetup.exe [2010-07-20 03:00:44 . 2009-03-11 02:18:08]


------- Supplementary Scan -------

uStart Page = hxxp://google.ca/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000


**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-10 19:26:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

#15 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:01:08 AM

Posted 10 May 2011 - 06:56 PM

Hi!

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Checked (ticked) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users